Communication terminal devices that are provided for access to a cellular network normally contain an identification module that is personalized for the user of the terminal device and that provides, among other things, data and/or processes for subscriber identification and/or authentication. Examples of such identification modules are SIM (Subscriber Identity Module) and USIM (Universal Subscriber Identity Module) cards of the type used in GSM (Global System for Mobile Communications), UMTS (Universal Mobile Telecommunications System) and LTE (Long Term Evolution) networks. The subscriber identification and/or authentication is generally carried out at the time of logging on to a cellular network in order to determine the authorization to access cellular services, and this involves executing cryptographic operations within the identification module which are carried out using cryptographic keys that are stored in the identification module.
Fundamentally, cryptographic operations can also be carried out for purposes other than for subscriber identification and authentication in an identification module that is installed in a communication terminal device. In particular, verification requests from applications that are executed in the communication terminal device can be responded to by the identification module of the communication terminal device. These can be, for example, verification requests for user authentication on the part of the application. Thus, on the basis of a given verification request, which is responded to by means of the secret keys associated with the identification module, it is possible to determine whether the identification module of an authorized user of the application has been installed in the communication terminal device.
In order to transmit verification requests from an application to an identification module and to transmit the verification response of the identification module to the application, there is a need for communication between the application and the identification module. With some communication terminal devices, a device-internal data exchange can be carried out between the application and the identification module via a corresponding device-internal interface that permits access to the identification module. However, by the same token, there are communication terminal devices in which such interfaces are not present or are blocked due to security guidelines implemented in the devices.